On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
> Importance: Undecided => Medium
> Status: New => Confirmed
I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy
(Eric), and this is his response. Sorry for emailer wrapping, but you can
probably figure it out.
On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?
I use the bacula-common configuration script (debian/bacula-common.config) to
compute and store random password for all bacula packages. (my template file
is ok too)
if ! db_get bacula/director_passwd; then
db_set bacula/director_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/director_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/fd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/fd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
fi
After that, i use special strings to replace password in configuration file
(like for RPM)
On Wednesday 24 September 2008 11:13:20 Ante Karamatić wrote:
> I'll mark this bug as 'medium' at the moment. But this should be
> resolved as soon as possible.
>
> Kern, of course, any code would be welcome. It's clear that we should
> generate password on postinstall of package, not during compile-time.
>
> ** Changed in: bacula (Ubuntu)
> Importance: Undecided => Medium
> Status: New => Confirmed
I am not (yet) a Debian packaging expert, so I asked the Bacula .deb guy
(Eric), and this is his response. Sorry for emailer wrapping, but you can
probably figure it out.
On Wednesday 24 September 2008 16:18:58 you wrote:
> Hello Eric,
>
> Do you have some .deb magic I could send off to the Ubuntu Bacula
> maintainers so that they can generate random passwords when installing
> Bacula?
I use the bacula-common configuration script (debian/ bacula- common. config) to
compute and store random password for all bacula packages. (my template file
is ok too)
if ! db_get bacula/ director_ passwd; then director_ passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | director_ mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
db_set bacula/
head -c33)
db_set bacula/
head -c33)
db_set bacula/fd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/fd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_passwd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
db_set bacula/sd_mpasswd $(cat /dev/urandom | tr -dc _A-Z-a-z-0-9 |
head -c33)
fi
After that, i use special strings to replace password in configuration file
(like for RPM)
./configure ...
--with- dir-password= "XXX_REPLACE_ WITH_DIRECTOR_ PASSWORD_ XXX" \
--with- fd-password= "XXX_REPLACE_ WITH_CLIENT_ PASSWORD_ XXX" \
--with- sd-password= "XXX_REPLACE_ WITH_STORAGE_ PASSWORD_ XXX" \
--with- mon-dir- password= "XXX_REPLACE_ WITH_DIRECTOR_ MONITOR_ PASSWORD_ XXX"
--with- mon-fd- password= "XXX_REPLACE_ WITH_CLIENT_ MONITOR_ PASSWORD_ XXX"
--with- mon-sd- password= "XXX_REPLACE_ WITH_STORAGE_ MONITOR_ PASSWORD_ XXX"
\
\
\
At the end, i just have to replace XXX_...XXX strings by what we have computed
in each
package.postinst script.
db_get bacula/ director_ mpasswd
db_dir_ mpass=" $RET"
db_fd_ mpass=" $RET"
db_sd_ mpass=" $RET"
db_get bacula/fd_mpasswd
db_get bacula/sd_mpasswd
db_stop
sed \ REPLACE_ WITH_DIRECTOR_ MONITOR_ PASSWORD_ XXX%$db_ dir_mpass% " REPLACE_ WITH_STORAGE_ MONITOR_ PASSWORD_ XXX%$db_ sd_mpass% " REPLACE_ WITH_CLIENT_ MONITOR_ PASSWORD_ XXX%$db_ fd_mpass% "
-e "s%XXX_
\
-e "s%XXX_
\
-e "s%XXX_
\
< $SRCDIR/$CONFIG > $TARGET
At the end, if you configure FD/SD/DIR/Console on the same box, all your
passwords
will be ok.
They have also to remove the XXAddress = 127.0.0.1 from all configuration
file.